Tag Archives: USA Network

Mr. Robot was our favorite show of 2015

Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premier of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.

USA Network's Mr. Robot tops all the 'Best TV show of 2015' lists

Mr. Robot tops all the ‘Best TV show of 2015′ lists

The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.

A twist in the plot

The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.

Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.

We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here’s some of our favorite moments from season one:

1.     Avast guest stars on Mr. Robot

Mr_Robot_03The show’s protagonist, Elliot, attempts to hack into a prison’s network, and fellow hacker, Darlene, helps him by uploading an exploit onto USB sticks. She drops the sticks on the ground, and a police officer picks one up and foolishly inserts it into his work PC. The idea was to inject a customized payload to compromise and gain access to the prison’s network – and then BAM! Avast detects the exploit!

2.     Operation Meltdown

@whoisMrRobot

via USA Network

Elliot wants to control the Steel Mountain secure data facility’s climate control system to overheat it, thus melting ECorp’s tape-based backup. He uses a complicated gateway-impersonating MiTM (man in the middle) attack, ‘Raspberry Pi’, to accomplish his goal. He eventually connects Raspberry Pi to Steel Mountain’s heating and cooling systems. This 3xpl0its.wmv plot is reminiscent of the point of entry in the real-world Target attack.

3.     “People make the best exploits”

via USA Network

via USA Network

One of cybercrooks most successful methods is social engineering; psychological techniques used to exploit human weaknesses. Throughout the show’s episodes we saw examples of this technique. Even among the more sophisticated hacks, these are the ones that freaked us out the most.

Hackers want your personal information

Elliot uses a password-cracking tool many times on the show. On one occasion, he wants to hack his therapist’s new boyfriend, Michael. He calls Michael pretending to be from his bank’s fraud department, confirming his address and asking him security questions to verify his account: What is his favorite baseball team? His pet’s name? Using the information he gathered combined with a dictionary brute force attack, which systematically checks all possible passwords until the correct one is found, Elliot hacks Michael’s account.

Hackers want to steal company data

In episode d3bug.mkv, one of Elliot’s colleagues, Ollie, received a music CD from a fake rapper that turns out to have malware on it. The infection that resulted gave ‘The Dark Army’ access to Ollie’s laptop webcam which was used to spy on him and his girlfriend, Angela. The hacker tells Ollie he has photos of Angela, and even Angela’s and her dad’s banking information and social security number. He threatens to blackmail Ollie if he does not spread the malware within his employer, Allsafe’s, systems.

 

4.     Mobile devices are vulnerable

via USA Network

via USA Network

ECorp baddie, Tyrell, uses a backdoor to get into assistant Anwar’s Android device to install an app that could allow remote access. It’s not strictly necessary to root the phone – just gaining physical access to the phone is all he needed. In this episode, Tyrell used an SD card with an application called RooterFrame to gain access, but the actual Android APK is Framaroot.

Elliot needs to remove a hacked server in episode wh1ter0se.m4v, but has to do it by creating an Allsafe service ticket. This request requires his boss, Gideon, to send the ticket, and he uses two-factor authentication to receive a temporary, second code sent to his phone. Elliot asks Darlene to send Gideon’s phone hundreds of MMS files to drain the battery, forcing him to charge it- and leave it in his office unattended. Elliot takes physical possession of the device, gets the security token and logs into Gideon’s account to submit a request to take down the server.

5.     Real-life physical hacks

Elliot picks the bathroom lock. He explains that “the lock-pick is every hacker’s favorite sport. Unlike virtual systems, when you break it you can feel it.”

Avast was the only roadblock that Elliot ran into that he couldn’t beat. You can protect your own PCs, Android devices, and Macs with Avast Antivirus products. Our flagship product, Avast Free Antivirus, was chosen as PCMag’s Editors’ Choice 2016 for the best free antivirus. Visit the Avast website to check out all our security software.

Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

Are the hacks on Mr. Robot real?

Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.

The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.

I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.

In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which lead him to discover that Rajid ran a child pornography website.

Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?

Pedram: Anyone with a just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.

Stefanie: Wow! That’s a bit frightening… How can I protect myself then?

Pedram: You can stay safe while using any public Wi-Fi network by using a Virtual Private Network (VPN). A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects your personal data, thus preventing hackers from accessing your files and other sensitive information stored on your device.

We actually found that more than half of Americans connect to free and open Wi-Fi networks and that of the 55% who do, 76% prefer networks that don’t require registration or a password to connect, yet only 6% use a VPN or proxy while connected to open Wi-Fi.

Fast forward to minute 10:55. We see Elliot with his therapist Krista, whom he hacked (hacking people is clearly his hobby ;) ).

Stefanie: Elliot says that hacking Krista was simple, because her password was her favorite artist and her birth year backwards. We know that you should always use a complex password, more than eight characters and that your password should include letters, numbers, and symbols, but do most people really have complex passwords? Could having simple passwords really put you at risk?

Pedram: Most people, unfortunately, do not have complex passwords. For example, we found that one-third of American’s router passwords contain their address, name, phone number, a significant date, and their child’s or pet’s name. Not only that, but last year we found that most hackers’ passwords were only 6 characters long and that the most frequently used word in their passwords was the word “hack”.

Having a simple password that is either a dictionary word or that is comprised of personal information can put you at risk

If you think about it, bits and pieces of our private lives are scattered on the Internet. Someone can easily do a quick Google search, check out some of your social media sites and with a little time and patience, they can figure out your simple password. Even worse, if you use the same password for multiple sites, you really make it easy for hackers to hack all of your accounts.

Moving forward to minute 25, Angela, Elliot’s friend and colleague, calls him for help because their client, E Corp, a multinational conglomerate, has been hit with a DDoS attack.

Stefanie: What is a DDoS attack? Can this affect the average computer user?

Pedram: DDoS stands for distributed denial of service attack and is used to make a service unavailable. In the end we discover that the attack on E Corp was actually based on rootkits that had subverted a variety of servers, but I’ll continue to describe a DDoS attack.

DDoS attacks are sent by two or more people, but more often by an army of bots AKA a botnet. These bots send so many requests to a server that the server becomes overloaded and cannot provide its service anymore. DDoS attacks target large businesses, so the average computer user does not become affected, unless the service they want to use is not available because it has been hit by a DDoS attack.

However, the average user can help facilitate a DDoS attack unknowingly. We researched home routers and found that millions are vulnerable. Routers are connected to the Internet 24/7 and can be easily exploited and used as a bot, which, as I explained, can be used in a DDoS attack. A famous example is the hack of the Sony Playstation Network and Xbox Live last Christmas – the hacker group claimed they used a router botnet for the attack.

To prevent this from happening, people should make sure their router firmware is always up-to-date and perform a router scan to check if their router is vulnerable or not.

In minute 55, Elliot tries to hack Krista’s new boyfriend, Michael. He calls Michael pretending to be a from his bank’s fraud department, confirming his address and asking him security questions to verify his account: what his favorite baseball team is, his pet’s name. Using the information he gathered combined with a dictionary brute force attack he attempts to get Michael’s password.

Stefanie: What is a brute force attack? Can this happen to the average user?

Pedram: A brute force attack is password guessing which systematically checks all possible passwords until the correct one is found. Think of it like a machine going through a huge dictionary of passwords that types each one into an account to unlock it.

Brute force was likely one of the techniques used in hacking the iCloud accounts which eventually lead to the nude celebrity pics from stars like Jennifer Lawrence and Kirsten Dunst being distributed over the Internet. This type of attack is not exclusively used against celebrities. Hackers can use brute force attacks to hack any user accounts, given they have account email addresses. Typically, they would target accounts that hold credit card or other financial information they can abuse for financial gain. This is why, again, it is vital you use strong passwords for all of your accounts.

Stefanie: Thank you for the chat Pedram. I look forward to discussing Mr. Robot’s next episode, Ones and zer0es with you next week!

You can watch MR. ROBOT on USA Network Wednesday nights 10/9 central.

Follow Avast on FacebookTwitter and Google+ where we will keep you updated on the new Avast video podcast hosted by Pedram Amini.